Skip to content

Commit fe88c8a

Browse files
nojnhuhnojnhuh
committed
ref(build): clean up VERIFY_TAGS
This change refactors how images are pushed by using the publish-image.sh script to do all `docker push` operations and enforcing `VERIFY_TAGS` there, exiting with a non-zero exit code when appropriate. In addition, `VERIFY_TAGS` uses the strings `true`/`false` instead of `1`/`0`. Fixes openservicemesh#4144 Signed-off-by: Jon Huhn <[email protected]>
1 parent d81ba22 commit fe88c8a

File tree

3 files changed

+27
-20
lines changed

3 files changed

+27
-20
lines changed

.github/workflows/pre-release.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ jobs:
4545
- name: Push images with version tag
4646
env:
4747
CTR_TAG: ${{ needs.version.outputs.version }}
48-
run: make docker-push VERIFY_TAGS=1
48+
run: make docker-push VERIFY_TAGS=true
4949
- name: Push images with latest tag
5050
env:
5151
CTR_TAG: latest

Makefile

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ DIST_DIRS := find * -type d -exec
66
CTR_REGISTRY ?= openservicemesh
77
CTR_TAG ?= latest
88
CTR_DIGEST_FILE ?= /tmp/osm_image_digest_$(CTR_TAG).txt
9-
VERIFY_TAGS ?= 0
9+
VERIFY_TAGS ?= false
1010

1111
GOPATH = $(shell go env GOPATH)
1212
GOBIN = $(GOPATH)/bin
@@ -253,7 +253,7 @@ DOCKER_PUSH_CONTROL_PLANE_TARGETS = $(addprefix docker-push-, init osm-controlle
253253
.PHONY: $(DOCKER_PUSH_CONTROL_PLANE_TARGETS)
254254
$(DOCKER_PUSH_CONTROL_PLANE_TARGETS): NAME=$(@:docker-push-%=%)
255255
$(DOCKER_PUSH_CONTROL_PLANE_TARGETS):
256-
@if [ $(VERIFY_TAGS) != 1 ]; then make docker-build-$(NAME) && docker push "$(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; else bash scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)"; fi
256+
scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)" "$(CTR_TAG)"
257257
@docker images --digests | grep "$(CTR_REGISTRY)/$(NAME)\s*$(CTR_TAG)" >> "$(CTR_DIGEST_FILE)"
258258

259259

@@ -262,15 +262,15 @@ DOCKER_PUSH_LINUX_TARGETS = $(addprefix docker-push-, $(DEMO_TARGETS))
262262
.PHONY: $(DOCKER_PUSH_LINUX_TARGETS)
263263
$(DOCKER_PUSH_LINUX_TARGETS): NAME=$(@:docker-push-%=%)
264264
$(DOCKER_PUSH_LINUX_TARGETS):
265-
@if [ $(VERIFY_TAGS) != 1 ]; then make docker-build-$(NAME) && docker push "$(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; else bash scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)"; fi
265+
scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)" "$(CTR_TAG)"
266266

267267

268268
# Windows demo applications
269269
DOCKER_PUSH_WINDOWS_TARGETS = $(addprefix docker-push-windows-, $(DEMO_TARGETS))
270270
.PHONY: $(DOCKER_PUSH_WINDOWS_TARGETS)
271-
$(DOCKER_PUSH_WINDOWS_TARGETS): NAME=$(@:docker-push-%=%)
271+
$(DOCKER_PUSH_WINDOWS_TARGETS): NAME=$(@:docker-push-windows-%=%)
272272
$(DOCKER_PUSH_WINDOWS_TARGETS):
273-
@if [ $(VERIFY_TAGS) != 1 ]; then make ARGS=--output=type=registry docker-build-$(NAME); else bash scripts/publish-image.sh "$(NAME)" "windows" "$(CTR_REGISTRY)"; fi
273+
scripts/publish-image.sh "$(NAME)" "windows" "$(CTR_REGISTRY)" "$(CTR_TAG)"
274274

275275

276276
.PHONY: docker-control-plane-push

scripts/publish-image.sh

100644100755
Lines changed: 21 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,13 @@
11
#!/bin/bash
22
# shellcheck disable=SC1091
33

4+
set -euo pipefail
5+
46
IMAGE_NAME="$1"
57
OS="$2"
68
IMAGE_REPO="$3"
9+
CTR_TAG="$4"
10+
VERIFY_TAGS="${VERIFY_TAGS:-false}"
711

812
if [ -z "${IMAGE_NAME}" ]; then
913
echo "Error: IMAGE_NAME not specified"
@@ -22,19 +26,22 @@ if [ -z "${CTR_TAG}" ]; then
2226
exit 1
2327
fi
2428

25-
tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:$IMAGE_REPO/$IMAGE_NAME:pull"
26-
bearerToken="$(curl --silent --get "$tokenUri" | jq --raw-output '.token')"
27-
listUri="https://registry-1.docker.io/v2/$IMAGE_REPO/$IMAGE_NAME/tags/list"
28-
authz="Authorization: Bearer $bearerToken"
29-
version_list="$(curl --silent --get -H "Accept: application/json" -H "$authz" "$listUri" | jq --raw-output '.')"
30-
exists=$(echo "$version_list" | jq --arg t "${CTR_TAG}" '.tags | index($t)')
31-
32-
if [[ $exists == null ]]
33-
then
34-
if [[ $OS == "linux" ]]; then
35-
make docker-build-"$IMAGE_NAME"
36-
docker push "$IMAGE_REPO/$IMAGE_NAME:${CTR_TAG}" || { echo "Error pushing images to container registry $CTR_REGISTRY/$IMAGE_NAME:$CTR_TAG"; exit 1; }
37-
else
38-
make ARGS=--push "docker-build-$IMAGE_NAME"
29+
if [[ "$VERIFY_TAGS" == "true" ]]; then
30+
tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:$IMAGE_REPO/$IMAGE_NAME:pull"
31+
bearerToken="$(curl --silent --get "$tokenUri" | jq --raw-output '.token')"
32+
listUri="https://registry-1.docker.io/v2/$IMAGE_REPO/$IMAGE_NAME/tags/list"
33+
authz="Authorization: Bearer $bearerToken"
34+
version_list="$(curl --silent --get -H "Accept: application/json" -H "$authz" "$listUri" | jq --raw-output '.')"
35+
exists=$(echo "$version_list" | jq --arg t "${CTR_TAG}" '.tags | index($t)')
36+
if [[ $exists != null ]]; then
37+
echo "image $IMAGE_REPO/$IMAGE_NAME:$CTR_TAG already exists and \$VERIFY_TAGS is set"
38+
exit 1
3939
fi
4040
fi
41+
42+
if [[ $OS == "linux" ]]; then
43+
make "docker-build-$IMAGE_NAME"
44+
docker push "$IMAGE_REPO/$IMAGE_NAME:$CTR_TAG"
45+
else
46+
make ARGS=--push "docker-build-windows-$IMAGE_NAME"
47+
fi

0 commit comments

Comments
 (0)